There are too many same classes.

Question

There are too many same classes.

BurningTeng opened this issue 4 years ago · comments

BurningTeng commented 4 years ago

Describe the bug
There are too many same classes.

To Reproduce
Steps to reproduce the behavior:

Attach android app whose package is "com.example.myapplication"
Click on 'Java->Trace'
search "MainActivity"
See some same classes.

Expected behavior
For each, there should be only one class.

Screenshots

Desktop (please complete the following information):

OS: Ubuntu
Version 20.04

Smartphone (please complete the following information):

OS: Android10

PinkiePieStyle · Answer 1 · Mon Nov 23 2020 05:34:03 GMT+0800 (China Standard Time)

Ok seems @iGio90 changed the api to enumerate all loaders
iGio90/DwarfCore@8f6035c#diff-769911c416ccf8514d8fd941ae0abe8fb5c606ade0c218e22151a5f5f9f3d700

ignore it or you can change it back to old func
from
https://github.com/iGio90/DwarfCore/blob/master/src/api.ts#L133
to
https://github.com/iGio90/DwarfCore/blob/0ee0a2c7234c0f5ec5ebcb10334b5c8bf4cb768e/src/api.ts#L120

it should work the same

but yeah it needs some fix showing the loader in ui too or whatever

PinkiePieStyle · Answer 2 · Mon Nov 23 2020 05:47:15 GMT+0800 (China Standard Time)

Or replace in dwarf_debugger/lib/core.js
https://github.com/iGio90/Dwarf/blob/master/dwarf_debugger/lib/core.js#L1545
to 1563

with

ldr.forEach(function (loaderz) {
    Java.classFactory.loader = loaderz;
    Java.enumerateLoadedClasses({
        onMatch: function onMatch(className) {
            if (logic_java_1.LogicJava !== null) {
                if (logic_java_1.LogicJava.javaClasses.indexOf(className) === -1) {
                    logic_java_1.LogicJava.javaClasses.push(className);
                }
            }

            //send("enumerate_java_classes_match:::" + className);
        },
        onComplete: function onComplete() {
            n++;

            if (n === ldr.length) {
                for (var i = 0; i < logic_java_1.LogicJava.javaClasses.length; i++) {
                    send("enumerate_java_classes_match:::" + logic_java_1.LogicJava.javaClasses[i]);
                }
                dwarf_1.Dwarf.loggedSend("enumerate_java_classes_complete:::");
            }
        },
    });
});

BurningTeng · Answer 3 · Mon Nov 23 2020 12:44:16 GMT+0800 (China Standard Time)

I have tried the changed and it works fine. But it looks slower than before.

ldr.forEach(function (loaderz) {
    Java.classFactory.loader = loaderz;
    Java.enumerateLoadedClasses({
        onMatch: function onMatch(className) {
            if (logic_java_1.LogicJava !== null) {
                if (logic_java_1.LogicJava.javaClasses.indexOf(className) === -1) {
                    logic_java_1.LogicJava.javaClasses.push(className);
                }
            }

            //send("enumerate_java_classes_match:::" + className);
        },
        onComplete: function onComplete() {
            n++;

            if (n === ldr.length) {
                for (var i = 0; i < logic_java_1.LogicJava.javaClasses.length; i++) {
                    send("enumerate_java_classes_match:::" + logic_java_1.LogicJava.javaClasses[i]);
                }
                dwarf_1.Dwarf.loggedSend("enumerate_java_classes_complete:::");
            }
        },
    });
});

The result as below:

PinkiePieStyle · Answer 4 · Mon Nov 23 2020 14:11:49 GMT+0800 (China Standard Time)

yeah before it was caching and sending on match
now its caching only on match and sending when enumeration is completed

is this filtered? here it shows a big list

BurningTeng · Answer 5 · Mon Nov 23 2020 18:39:41 GMT+0800 (China Standard Time)

Yes. I use filter "MainActivy". Thanks for your explanation.

I have a question.
If I want to hook method of MyApplication, how to start dwarf?

public class MyApplication extends Application {

    private static String TAG = MyApplication.class.getSimpleName();

    @Override
    public void onCreate() {
        Log.d(TAG, "onCreate");
        super.onCreate();
    }

    @Override
    protected void attachBaseContext(Context base) {
        Log.d(TAG, "attachBaseContext");
        super.attachBaseContext(base);
    }
}

PinkiePieStyle · Answer 6 · Mon Nov 23 2020 19:48:14 GMT+0800 (China Standard Time)

use -bs to break at start or tick the checkbox in ui dialog

BurningTeng · Answer 7 · Mon Nov 23 2020 21:55:57 GMT+0800 (China Standard Time)

I use spawn way to suspend process. But how to resume the process.

Then the window is frozen. Later, there will be a dialog as below.

BurningTeng · Answer 8 · Mon Nov 23 2020 22:00:47 GMT+0800 (China Standard Time)

use -bs to break at start or tick the checkbox in ui dialog

How to use "-bs" to break?
If the app is started, I can not hook onCreate of Application.
If the app is not started, I can not attach it.

PinkiePieStyle · Answer 9 · Mon Nov 23 2020 22:44:28 GMT+0800 (China Standard Time)

application.oncreate gets hooked when u check the break at spawn checkbox and android is <= 6.0
on higher android it breaks at com.android.internal.os.RuntimeInit.commoninit
cant read the dialog but when it fails with 'cant spawn' bla its sometimes a timeout reboot device/restart frida can help

when it works the window where u select the app is closed and dwarf is halted at initbreakpoint
to resume use f5 or process->resume

iGio90 · Answer 10 · Tue Dec 01 2020 02:15:19 GMT+0800 (China Standard Time)

Has this been set?

Do not remove the classloader enumeration thingy as many malware creates and uses custom class loaders, with the result that loaded classes wont be listed there.

PinkiePieStyle · Answer 11 · Tue Dec 01 2020 14:40:06 GMT+0800 (China Standard Time)

not removed but it needs something in ui or no idea wich shows the loader it looks strange atm